A 2021 article in the WSJ about carbon emissions identified “[o]ne problem facing regulators and companies: Some of the most important and widely used data is hard to both measure and verify.” According to an academic cited in the article, the “measurement, target-setting, and management of Scope 3 is a mess.” As a result—and as the term “greenwashing” brings to mind—investors and other stakeholders are frequently apprehensive about the reliability of corporate disclosures regarding sustainability. One approach to address this concern is to obtain assurance to verify the data. However, the WSJ suggested that, based on data regarding verification of climate information provided on a voluntary basis, audits are a challenge. For one reason, verification of ESG data “is generally less rigorous than the external audits required for financial reporting.” Moreover, there is “no set standard for how climate data should be verified, or by whom.” That may be about to change—internationally, that is. Will the U.S. follow suit?
In May, SEC Chief Accountant Paul Munter, quoted here, cautioned his conference audience about the potential for audit committee overload. “More demands are being put on audit committees, sometimes on topics outside their core responsibility,” he said. “Audit committees need to be continually vigilant that they have enough time to focus on their core mission—protecting investors—and don’t let other topics cloud that out.” While the AC’s primary responsibilities are generally thought to be oversight of financial reporting, including the audit of a company’s financial statements and internal control over financial reporting, these days, the AC often becomes the default committee of choice for oversight of other emerging risks, such as cybersecurity and even ESG. With ACs now perhaps the “kitchen sink of the board,” are its members stretched too thin to carry out fundamental responsibilities? Are members being asked to operate outside of their core skillsets? What is the impact? These concerns appear to have prompted the panel at last week’s meeting of the SEC’s Investor Advisory Committee discussing AC workload and transparency.
Just how reliable are those carbon footprints that many large companies have been publishing in their sustainability reports? Even putting aside concerns about greenwashing, what about those nebulous Scope 3 GHG emissions? As we all know, the SEC is now is the midst of developing a proposal for mandatory climate-related disclosure. (See, e.g., this PubCo post and this PubCo post.) The WSJ reports that “[o]ne problem facing regulators and companies: Some of the most important and widely used data is hard to both measure and verify.” According to an academic cited in the article, the “measurement, target-setting, and management of Scope 3 is a mess….There is a wide range of uncertainty in Scope 3 emissions measurement…to the point that numbers can be absurdly off.”
To fulfill their oversight responsibilities, audit committees typically evaluate the outside auditor at least annually to determine, in part, whether the auditor should be engaged for the subsequent fiscal year. The Center for Audit Quality has just published a new updated External Auditor Assessment Tool, which is “designed to assist audit committees in carrying out their responsibilities of appointing, overseeing, and determining compensation for the external auditor.” Beyond oversight, the CAQ observes that a “[r]obust, two-way dialogue that includes providing constructive feedback to the external auditor may improve audit quality and enhance the relationship between the audit committee and the external auditor.” Like many other helpful CAQ tools, this tool provides a number of sample questions to help audit committees satisfy their oversight obligations with regard to the outside auditor. (The discussion below includes only a sampling of the CAQ’s questions provided in the Assessment Tool.) The CAQ also provides a sample form that can be used to solicit input about the outside auditor from company personnel who have had substantial contact with the auditor.
CAQ discusses lessons learned from “dry runs” on critical audit matters and related questions for audit committees
As you may recall, auditors of large accelerated filers will be required to report on CAMs—critical audit matters—in their auditor’s reports for fiscal years ending on or after June 30, 2019 and in auditor’s reports for all other companies (except EGCs) to which the requirements apply for fiscal years ending on or after December 15, 2020. (See this PubCo post.) As SEC Commissioner Kara Stein observed in her statement on approval of the new rule, the new “standard marks the first significant change to the auditor’s report in more than 70 years.” Because the selection of and disclosure regarding CAMs will certainly present a challenge for both auditors and audit committees, auditors have been taking steps to prepare for the coming change, including conducting “dry runs” to get a better handle on how the new CAM disclosures will look and how the process will affect financial reporting. To provide some lessons learned from these early dry runs and enhance the understanding of audit committees, auditors and other participants in the process, the Center for Audit Quality has published Critical Audit Matters: Lessons Learned, Questions to Consider, and an Illustrative Example.
The Center for Audit Quality, working with Audit Analytics, has just released a new edition of its annual Audit Committee Transparency Barometer, which, over the past five years, has measured the robustness of audit committee disclosures in proxy statements among companies in the S&P Composite 1500. The bottom line, according to the CAQ, is that the level of voluntary transparency has continued to steadily increase in most areas. The report includes several useful examples of the types of disclosure discussed.
The Center for Audit Quality has just issued Cybersecurity Risk Management Oversight: A Tool for Board Members. The tool offers questions that directors can ask of management and the auditors as part of their oversight of cybersecurity risks and disclosures. The questions are designed to initiate dialogue to clarify the role of the auditor in connection with cybersecurity risk assessment in the context of the audit of the financial statements and internal control over financial reporting (ICFR), and to help the board understand how the company is managing its cybersecurity risks.
The Center for Audit Quality has issued a new guide for audit committees related to non-GAAP financial measures. Based on information gained from a series of roundtables held in 2017, Non-GAAP Measures: A Roadmap for Audit Committees identifies common themes and key considerations for audit committees, including leading practices to help assess whether a company’s non-GAAP measures present “high-quality non-GAAP measures.” And what exactly is a “high-quality non-GAAP measure”? According to the CAQ, a non-GAAP measure is high-quality if it provides a “balanced representation of the company’s performance.”
2017 Audit Committee Transparency Barometer from the Center for Audit Quality shows continued increase in enhanced disclosures
Earlier this month, the Center for Audit Quality together with Audit Analytics posted their annual Audit Committee Transparency Barometer, which measured the quality of proxy disclosures regarding audit committees among companies in the S&P Composite 1500. The report shows continued voluntary enhancements to transparency and broadly increased disclosure around audit committee oversight of the external auditor. The report includes several useful examples of the types of disclosure discussed.
Remember Form AP? That’s the form that the PCAOB is now requiring audit firms to use to name individual audit engagement partners. The form will also disclose the names and Firm IDs, locations and extent of participation of any other accounting firms, outside of the principal auditor, that participated in the audit, if their work constituted 5% or more of the total audit hours. (See this PubCo post.) Should companies care? Yes, says the Center for Audit Quality: the disclosures made in Form AP can help audit committee members in satisfying their responsibilities to oversee the engagement audit firm as well as other audit participants.